How best get rid of SELinux?

Mike McCarty Mike.McCarty at sbcglobal.net
Fri Sep 21 19:24:40 UTC 2007


Arthur Pemberton wrote:
> On 9/21/07, Gene Heskett <gene.heskett at verizon.net> wrote:
> 
>>On Friday 21 September 2007, Ed Greshko wrote:
>>
>>>Gene Heskett wrote:
>>>
>>>>I have a firewall that has so far been bulletproof.  It's called dd-wrt,
>>>>run on an old scrap x86 box, booting busybox from a cf card, no drives in
>>>>it & only 2 fans.
>>>
>>>I'm not sure why you are comparing the functions of SELinux with the
>>>functions of a firewall.  It would be nice to hear your interpretation of
>>>the issues that SELinux targets vs. what a Firewall targets.  If you think
>>>they serve the same functions it would be nice if you would cite your
>>>source.
>>
>>Several people have referred to 'that hacker' getting into the system, which
>>is how I at least made the connection to a firewall.
> 
> 
> So your firewalls are capable of protecting against 'that hacker'
> who _is_ on your box, i.e. has gotten past your firewall somehow -
> getting past a firewall is by no means an impossible task

No. But my backups are the appropriate response to a compromised
system, not SELinux.

[snip]

> I have several machines with SELinux disabled, and I see no messages from it.

Then you believe that at least in some circumstances SELinux has a
greater cost than it does a benefit. We agree on that. How about
allowing those who find themselves in that circumstance the latitude
of not loading and running SELinux at all?

[snip]

>>It's a 'solution' looking for a 'problem' and if it can't find a problem, it
>>will make 10 problems just for spite.
> 
> 
> It solves problems for me, if you do not share this, that is
> understandable. But it does in fact solve problems.

Though I didn't see you list one problem SELinux solved for you,
I'm not going to argue your personal assessment that the perceived
cost of SELinux to you (on some of your machines) outweighs the
perceived benefit (or rather the utility functions associated
with the perceived costs, when weighed by the probabilities you assigned
to your outcome space), since that is a personal matter.

What I don't like is RH thinking it knows better than I do what I
need in the way of security software.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!



